Credit cards

• Introduction to on-line credit card payments
• How do on-line credit card payments work?
• Security
• Security risks
• Secure Socket Layer (SSL) security
• Secure Electronic Transaction (SET) security
• Advantages of on-line credit card payments
• Disadvantages of on-line credit card payments
• What do credit card payments cost?
• What do I need to do to make an on-line payment with my credit card?
• Questions?

Introduction to on-line credit card payments

Originally, credit cards were an off-line payment method. They were not developed for use on the Internet. However, rapid processing and the low risk level involved in credit card transactions make the credit card an ideal on-line payment method. Payment for most Internet purchases is currently made using a credit card. In 1999, approximately 35% of all on-line transactions were paid with a credit card [1].

How do on-line credit card payments work?

1. The purchaser selects a product from the assortment of an on-line shop.
2. At the cash register, the purchaser indicates that he or she wishes to pay for the selected product using a credit card.
3. The purchaser fills in his or her credit card number and the expiration date of the credit card.
4. This information is immediately submitted, on-line, to the credit card company for authorization.
5. The credit card company authorizes the transaction and notifies the on-line shop and the purchaser.
6. After receiving the authorization, the on-line shop arranges delivery of the product to the purchaser. The payment amount is transferred to the account of the on-line shop within 10 workdays and debited to the purchaser’s credit card account.

If the transaction cannot be authorized, the on-line shop and the purchaser are notified. The purchaser can then opt to use another payment method.

These steps take a matter of seconds. Submission of the information to the credit card company, authorization and return of the authorization to the purchaser and the on-line shop can usually be accomplished in less than 15 seconds.

Security

Security risks

Credit card transactions processed via an insecure connection, i.e. via a site without proper risk-elimination facilities for credit card transactions, involve the following risks:

1. The Internet is an open network with very basic security provisions. This means that unauthorized parties can intercept credit card data submitted via the Internet.
2. Because the transaction is processed without a signature, the identity of the cardholder cannot be authenticated. In addition, the merchant may not be authorized to accept credit card payments.
3. Credit card data are visible to the Internet merchant. The merchant could use these data to make purchases, but this could also happen with off-line transactions.

These risks can be eliminated using the SSL and SET security protocols. These protocols are explained below.

Secure Socket Layer (SSL) security

SSL is a protocol that secures the connection between the purchaser’s browser and a secure Internet server. The message containing the credit card data is also encrypted, which makes the data inaccessible to unauthorized parties. SSL does not secure the applications or documents on the merchant site or server, but secures only the connection.

Use of the SSL protocol drastically reduces the risk of data being intercepted as they travel over the Internet.

Secure Electronic Transaction (SET) security

SET is a protocol that uses electronic certificates to identify the various parties. These certificates are used to encrypt the information, to authenticate the identities of the parties and to place digital signatures on the information. The SET protocol is a more powerful protocol than the SSL protocol. The certificates are actually a digital copy of the original credit card, i.e. a virtual credit card. Because the protocol uses unique certificates for the various parties, all of the parties involved can be absolutely certain that they are doing business with properly authorized parties. The certificates also make it impossible for unauthorized parties to intercept the card data.

The purchaser’s software generates and individually encrypts two information packages. One of the packages contains the order information and is destined for the on-line shop. Only the on-line shop can ready this package. The other package contains the payment information (credit card number, expiration date and amount). The transaction is authorized or rejected based on this package, which only the credit card company can read. Separation of the order and credit card data make it impossible for the on-line shop to acquire the credit card data.

Advantages of on-line credit card payments

1. The authorization procedure can be completed in a matter of seconds.
2. The entire transaction is handled on-line, i.e. the need to perform off-line activities related to the transaction is eliminated for both the purchaser and the shop.
3. If the on-line shop fails to fulfill its part of the bargain, the purchaser can request restitution of the payment amount from his or her credit card company.

Disadvantages of on-line credit card payments

The disadvantages of on-line credit card payments are limited, provided the payment is made using a secure connection. Use of the SET protocol eliminates all risk and use of the SSL protocol involves a negligible risk. Never release your credit card data via the Internet without using one of these protocols. Doing so would expose you to significant risk!

What do credit card payments cost?

Credit card companies charge their customers an annual fee for their credit cards. No other fees are applicable to the purchaser. The credit card holder pays no extra charge for making an on-line credit card payment.

What do I need to do to make an on-line payment with my credit card?

1. First of all, you must have a credit card. A credit card can be obtained from your bank or from a credit card company. Additional information is available on the Internet at www.visa.nl and www.eurocard.nl.
2. To make an on-line credit card payment with SSL, check the payment methods accepted by the on-line shop. If your credit card is accepted, select it from the list of payment methods. If the on-line shop does not use SSL, your browser will display a warning indicating that your data are being transmitted over an unsecured connection. Cancel the transaction. If no message appears, you can safely make a credit card payment.
3. To make an on-line credit card payment with SET, you must have SET software installed on your system. Your bank can provide you with the necessary information. Once the software has been installed, you can make on-line credit card payments at any on-line shop that uses the SET protocol.

How does Triple Deal Payment Services handle credit card payments?

Triple Deal Payment Services receives your payment and transfers it through to the merchant. When Triple Deal receives your payment, it immediately notifies the merchant that the payment has been received. The name of the on-line shop appears on your credit card bill.

Questions?

If you would like to receive additional information on Triple Deal Payment Services, please send a message to the Triple Deal Business Service Desk via e-mail at service@paymentservice.tripledeal.com.

Please contact your bank or credit card company for additional information on credit cards.

[1] Source: ‘Internet Payments’, a Dutch language document jointly published by the Electronic Commerce Platform Netherlands and the National Chipcard Platform, January 2000.